From beabdac7181a580cd1ca5575b3ebd0ffa054f896 Mon Sep 17 00:00:00 2001
From: Andrzej Novak
Date: Fri, 8 Mar 2024 01:45:43 +0100
Subject: [PATCH] trusted publish (#478)
---
 .github/workflows/cd.yml | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index c64e6387..1f61982d 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -26,18 +26,17 @@ jobs:
 run: pipx run twine check dist/*
- publish:
- needs: [dist]
- runs-on: ubuntu-latest
- if: github.event_name == 'release' && github.event.action == 'published'
-
- steps:
- - uses: actions/download-artifact@v3
+publish:
+ needs: [dist]
+ environment: release
+ permissions:
+ id-token: write
+ runs-on: ubuntu-latest
+ if: github.event_name == 'release' && github.event.action == 'published'
+ steps:
+ - uses: actions/download-artifact@v4
 with:
- name: artifact
+ name: Packages
 path: dist
- - uses: pypa/gh-action-pypi-publish@v1.8.5
- with:
- password: ${{ secrets.pypi_password }}
- print-hash: true
+ - uses: pypa/gh-action-pypi-publish@release/v1
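Review bot: The publish step now references `pypa/gh-action-pypi-publish@release/v1`, a moving branch, in the one job that holds `id-token: write`, so whatever that branch points to at release time can obtain the OIDC token used for trusted publishing; the removed line was at least fixed to the `v1.8.5` tag. Pin it to a full commit SHA with the version kept in a comment, e.g. `- uses: pypa/gh-action-pypi-publish@<FULL_COMMIT_SHA>  # release/v1`, and do the same for `actions/download-artifact@v4`. The job-level `permissions:` block and `environment: release` are the right shape, but the environment only adds protection if it has required reviewers or a tag/branch rule configured and is named in the PyPI trusted-publisher entry, which this hunk cannot show. In this view the added `publish:` line carries no indentation while the removed one did; if the file really reads that way, the job sits outside `jobs:` and needs re-indenting. The new artifact name `Packages` also has to match the upload step in the `dist` job, which lies outside the hunk.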